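package middleware

import (
	"context"
	"designs/common"
	"designs/config"
	"designs/global"
	"fmt"
	"net/http"
	"time"

	"github.com/gin-gonic/gin"
)

// LimitRequestBodySize returns a middleware that caps the request body at
// maxSize bytes by wrapping it in http.MaxBytesReader, parses the form, and
// answers 413 when parsing fails.
func LimitRequestBodySize(maxSize int64) gin.HandlerFunc {
	return func(c *gin.Context) {
		// The wrapper stays on c.Request.Body, so reads made later by handlers
		// are capped as well.
		c.Request.Body = http.MaxBytesReader(c.Writer, c.Request.Body, maxSize)

		// NOTE(review): ParseForm reads the body only for form-encoded
		// POST/PUT/PATCH requests. Other bodies (e.g. JSON) are not read here,
		// so they hit the cap only when a handler reads them. Any ParseForm
		// error, including a malformed query string, is reported as 413.
		if err := c.Request.ParseForm(); err != nil {
			c.JSON(http.StatusRequestEntityTooLarge, gin.H{"error": "Request body too large"})
			c.Abort()
			return
		}
		c.Next()
	}
}

// TokenAuthMiddleware is meant to authenticate requests carrying a login token.
//
// NOTE(review): the handler body is entirely commented out, so this middleware
// is currently a no-op. No token is validated, no user lookup or rate limit
// runs, and "openid", "gid" and "pf" are never set in the context. Unless
// another layer authenticates them, routes registered behind it are reachable
// without a valid token. Restore the checks or remove the middleware from the
// route table so the gap is explicit.
func TokenAuthMiddleware() gin.HandlerFunc {
	return func(c *gin.Context) {
		//contentLength := c.Request.ContentLength
		//if contentLength > config.GetInt64("app.max_content") {
		//	// print the size of the request body
		//	// fmt.Printf("Request body size: %d bytes\n", contentLength)
		//	common.RetJson(1003, "ruquest too max", "", c)
		//	c.Abort()
		//	return
		//}
		//token := c.GetHeader("Authorization")
		//// validate the token
		//if token == "" {
		//	common.RetJson(-2, "Unauthorized", "", c)
		//	c.Abort()
		//	return
		//}
		//ok, openid, gid, pf := isValidToken(token)
		//if !ok {
		//	common.RetJson(-1, "authorized invalid!", "", c)
		//	c.Abort()
		//	return
		//}
		//
		//// validate the data (whether the user record is valid)
		//userKey := gid + ":" + pf + ":" + config.Get("app.user_table_key") + openid
		//userData, err := global.App.Redis.HGetAll(context.Background(), userKey).Result()
		//if err != nil {
		//	common.RetJson(-1, "authorized invalid,redis cant find!", "", c)
		//	c.Abort()
		//	return
		//}
		//if len(userData) == 0 {
		//	// message text: "user info is not in the database"
		//	common.RetJson(-1, "用户信息不在数据库中", "", c)
		//	c.Abort()
		//	return
		//}
		//// check the request count
		//apiPath := c.FullPath()
		//key := fmt.Sprintf("%s:%s:%s:%s:%s", gid, config.Get("app.api_limit_key"), pf, openid, apiPath)
		//count, err := global.App.Redis.Incr(context.Background(), key).Result()
		//if err != nil {
		//	common.RetJson(1001, "server error!", "", c)
		//	c.Abort()
		//	return
		//}
		//if count == 1 {
		//	global.App.Redis.Expire(context.Background(), key, time.Minute).Result()
		//}
		//if count > config.GetInt64("app.api_limit_count") {
		//	common.RetJson(1002, "too many requests!", "", c)
		//	c.Abort()
		//	return
		//}
		//// store the identity in the request context
		//c.Set("openid", openid)
		//c.Set("gid", gid)
		//c.Set("pf", pf)
		//// validation passed
	}
}

// isValidToken reports whether token parses to a non-empty openid with
// tokenType 0 (the login token type). The openid, gid and pf claims are
// returned in both cases.
//
// NOTE(review): presumably common.ParseJwtWithClaims verifies signature and
// expiry and yields an empty openid on failure. Confirm this, since that empty
// value is the only rejection signal used here.
func isValidToken(token string) (bool, string, string, string) {
	openid, gid, pf, tokenType := common.ParseJwtWithClaims(token)
	//fmt.Printf("openid:%v,gid:%v,pf:%v,tokenType:%v", openid, gid, pf, tokenType)
	return openid != "" && tokenType == 0, openid, gid, pf
}

// RefreshTokenAuthMiddleware authenticates requests that carry a refresh token
// in the Authorization header, applies a per-caller, per-route request limit
// backed by Redis, and stores "openid", "gid" and "pf" in the gin context
// before calling the next handler.
func RefreshTokenAuthMiddleware() gin.HandlerFunc {
	return func(c *gin.Context) {
		token := c.GetHeader("Authorization")
		// Reject requests with no token at all.
		if token == "" {
			common.RetJson(-2, "Unauthorized", "", c)
			c.Abort()
			return
		}
		ok, openid, gid, pf := isValidRefreshToken(token)
		if !ok {
			common.RetJson(-1, "authorized invalid!", "", c)
			c.Abort()
			return
		}

		// Count requests per (gid, pf, openid, route). The limit comes from
		// app.api_limit_count.
		apiPath := c.FullPath()
		key := fmt.Sprintf("%s:%s:%s:%s:%s", gid, config.Get("app.api_limit_key"), pf, openid, apiPath)
		count, err := global.App.Redis.Incr(context.Background(), key).Result()
		if err != nil {
			common.RetJson(1001, "server error!", "", c)
			c.Abort()
			return
		}
		if count == 1 {
			// The first hit in a window starts the one-minute TTL. A failure
			// here used to be discarded, leaving a counter that never resets,
			// so the caller stays over the limit once it is reached. Report it
			// the same way as the Incr failure above.
			// NOTE(review): Incr and Expire are still two separate commands,
			// so the key stays without a TTL when Expire fails. Consider
			// setting both atomically.
			if _, err := global.App.Redis.Expire(context.Background(), key, time.Minute).Result(); err != nil {
				common.RetJson(1001, "server error!", "", c)
				c.Abort()
				return
			}
		}
		if count > config.GetInt64("app.api_limit_count") {
			common.RetJson(1002, "too many requests!", "", c)
			c.Abort()
			return
		}

		// Expose the token's identity to downstream handlers.
		c.Set("openid", openid)
		c.Set("gid", gid)
		c.Set("pf", pf)
		// All checks passed.
		c.Next()
	}
}

// isValidRefreshToken reports whether token parses to a non-empty openid with
// tokenType 1 (the refresh token type). The openid, gid and pf claims are
// returned in both cases.
//
// NOTE(review): presumably common.ParseJwtWithClaims verifies signature and
// expiry and yields an empty openid on failure. Confirm this, since that empty
// value is the only rejection signal used here.
func isValidRefreshToken(token string) (bool, string, string, string) {
	openid, gid, pf, tokenType := common.ParseJwtWithClaims(token)
	//fmt.Printf("openid:%v,gid:%v", openid, gid)
	return openid != "" && tokenType == 1, openid, gid, pf
}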